Recently, my game ([Spooky Crate!] Sword Fight and Flex Your Time - Roblox) has been getting DDOS attacked over and over again by the exact same person who makes the server crash then proceeds to join my Discord chat and spam a bunch of IP addresses from who knows where. This causes me to lose concurrent player counts of up to 60 due to a vulnerability in the ROBLOX website. I don’t think that there are any backdoors in my game: I handwrote all the scripts besides the admin commands which are open sourced and trusted. (Basic Admin Essentials 2.0)
I would be highly appreciative if anyone could help me fix this vulnerability in my game.
Don’t worry, you aren’t being DDOS’d. Players only have access to their client; if they do stuff to their client, it won’t update to the server, and no other players will see it. If this player is doing things that are causing the server to crash (i.e. affecting other players), then it is abusing a remote in your game. It is very likely that you accidentally left a vulnerability in one of your remotes. Have you ever at any point loaded any free models into your place? If that is the case, you could also have a virus in your game which could give exploiters a backdoor in an otherwise secure game. I’ve dealt with a virus before, a ModuleScript named “?”, hidden in the InsertService and in Debris. Go through every single one of your remotes and look at what is able to be done, and go through all of game’s descendants and print out every script/modulescript’s fullname.
I agree with him. Make sure to typecheck any input you receive serverside via remotes, because wrong input types can error the script, thus crashing the server.
Can you provide details on what remotes you have set up for your game? Having information on what exactly the client is able to do to the server would be a great help in identifying the problem.
Roblox Customer Service will typically reply with no real help, usually giving resources that don’t relate to the issue at hand. Sending them a support request would mean waiting 3 days for a reply, only to receive what looks like a pre-typed or automated message from them.
Although plugins may be a source, there is probably a remote somewhere that is causing the issues. Recently, I found out that the segway in the BAE 2.0 script was causing major exploiting issues in my game, but only because we used that segway as one of our gamepasses. Make sure that all of your remotes don’t give any leeway for exploiters to do anything (meaning that you give as little information as possible in the remote and check all of the information again on the server) and be sure to check any tools that you use in your game for any potential remotes. Ideally, tools should be controlled using LocalScripts as much as possible so that there is little room for any exploiters to take advantage of that.
I don’t believe it’s possible for there to be DDOS attacks on Roblox games. They are most likely using a remote event in your game to make everyone in the server lag.
This is definitely not a DDoS attack. You probably have a severe security vulnerability. Have you been using free-models or virus plugins? If that’s not the case, it might be an unsecured remote-event that can be easily spammed.
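The server-side checks recommended in the replies above (typechecking remote input and refusing spammed calls), as an added example that is not part of any post in this thread. The RemoteEvent name `SwingSword`, the limits and the damage value are assumptions made for illustration.

```lua
-- Server Script (e.g. in ServerScriptService). Added example; names are hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Assumption: a RemoteEvent named "SwingSword" exists in ReplicatedStorage.
local swingRemote = ReplicatedStorage:WaitForChild("SwingSword")

local MAX_CALLS_PER_SECOND = 10 -- constructed limit, tune per remote
local MAX_RANGE = 15            -- studs; constructed sword reach
local DAMAGE = 10               -- chosen by the server, never sent by the client

local callLog = {} -- [player] = { windowStart = number, count = number }

-- Fixed one-second window per player; calls over the limit are dropped.
local function withinRateLimit(player)
	local now = os.clock()
	local entry = callLog[player]
	if not entry or now - entry.windowStart >= 1 then
		callLog[player] = { windowStart = now, count = 1 }
		return true
	end
	entry.count += 1
	return entry.count <= MAX_CALLS_PER_SECOND
end

-- A client can send anything (nil, strings, tables, unrelated Instances),
-- so check the type before indexing, then re-check the game rule on the server.
local function getValidTargetHumanoid(player, target)
	if typeof(target) ~= "Instance" or not target:IsA("Model") then return nil end
	local humanoid = target:FindFirstChildOfClass("Humanoid")
	local targetRoot = target:FindFirstChild("HumanoidRootPart")
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	if not (humanoid and targetRoot and root) then return nil end
	if not (targetRoot:IsA("BasePart") and root:IsA("BasePart")) then return nil end
	if (targetRoot.Position - root.Position).Magnitude > MAX_RANGE then return nil end
	return humanoid
end

swingRemote.OnServerEvent:Connect(function(player, target)
	if not withinRateLimit(player) then return end
	local humanoid = getValidTargetHumanoid(player, target)
	if humanoid then humanoid:TakeDamage(DAMAGE) end
end)

-- Free the per-player entry so the table does not grow as players come and go.
Players.PlayerRemoving:Connect(function(player)
	callLog[player] = nil
end)
```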